EP3989481A1 - Procédé permettant d'effectuer un échange de clés pour une opération de sécurité dans un dispositif de stockage et procédé de réalisation d'un transfert d'autorisation dans un dispositif de stockage l'utilisant - Google Patents
Procédé permettant d'effectuer un échange de clés pour une opération de sécurité dans un dispositif de stockage et procédé de réalisation d'un transfert d'autorisation dans un dispositif de stockage l'utilisant Download PDFInfo
- Publication number
- EP3989481A1 EP3989481A1 EP21185276.9A EP21185276A EP3989481A1 EP 3989481 A1 EP3989481 A1 EP 3989481A1 EP 21185276 A EP21185276 A EP 21185276A EP 3989481 A1 EP3989481 A1 EP 3989481A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- user
- certificate
- storage device
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
Definitions
- One or more embodiments described herein relate to security measures for semiconductor devices.
- SSDs Solid state drives
- HDDs hard disk drives
- FDE hardware-based full-disk encryption
- TCG Trusted Computing Group
- One or more embodiments described herein provide a method of improving security of a storage device, which, for example, may be a semiconductor memory.
- One or more embodiments described herein may provide a method of improving security by performing a key exchange for a security operation in a storage device such as a self-encrypting drive (SED).
- a storage device such as a self-encrypting drive (SED).
- SED self-encrypting drive
- One or more embodiments described herein provide a method of performing authority transfer in a storage device (e.g., SED) using the key exchange method.
- a storage device e.g., SED
- a method of performing key exchange for a security operation in a storage device to be accessed by a plurality of user identifications includes generating, by a trusted third party (TTP) in or coupled to the storage device, a first certificate based on a first user ID and a first public key and generating, by the TTP, a second certificate based on a second user ID and a second public key.
- TTP trusted third party
- the method further includes, while the storage device is accessed by the first user ID, performing a first verification on the second certificate based on a third certificate in or accessed by the TTP, and when the first verification is successfully completed, deriving a ciphering key based on a first private key and the second public key obtained by the first verification.
- the method further includes, while the storage device is accessed by the second user ID, performing a second verification on the first certificate based on the third certificate and, when the second verification is successfully completed, deriving the ciphering key based on a second private key and the first public key obtained by the second verification.
- a method for performing authority transfer in a storage device that includes a first storage region and is accessed by a plurality of user identifications (IDs).
- the method includes performing a key exchange between a first user ID having a first access authority to the first storage region and a second user ID to be obtained the first access authority and, while the storage device is accessed by the first user ID, encrypting a first key-encryption-key (KEK) based on a ciphering key, the first KEK corresponding to the first access authority, the ciphering key being obtained by the key exchange.
- the method further includes, while the storage device is accessed by the second user ID, decrypting the encrypted first KEK based on the ciphering key.
- performing the key exchange includes generating, by a trusted third party (TTP) in or coupled to the storage device, a first certificate for the first user ID based on the first user ID and a first public key, generating, by the TTP, a second certificate for the second user ID based on the second user ID and a second public key and, while the storage device is accessed by the first user ID, performing a first verification on the second certificate based on a third certificate in or accessed by the TTP.
- TTP trusted third party
- the method further includes, when the first verification is successfully completed, deriving the ciphering key based on a first private key and the second public key obtained by the first verification and, while the storage device is accessed by the second user ID, performing a second verification on the first certificate based on the third certificate.
- the method further includes, when the second verification is successfully completed, deriving the ciphering key based on a second private key and the first public key obtained by the second verification.
- a method for performing key exchange for security operation in a storage device that is accessed by a first user identification (ID) and a second user ID, the first user ID having a first private key and a first public key, the second user ID having a second private key and a second public key, the key exchange being performed between the first user ID and the second user ID.
- ID user identification
- second user ID having a second private key and a second public key
- the method may include generating, by a trusted third party (TTP) in or coupled to the storage device and having a third private key and a third public key, a first certificate by signing the first user ID and the first public key based on the third private key.
- the method may also include generating, by the TTP, a second certificate by signing the second user ID and the second public key based on the third private key, storing the first certificate, the second certificate and a third certificate for the TTP in a key slot in which the first private key, the first public key, the second private key and the second public key are stored, and accessing the storage device based on the first user ID and a first password.
- TTP trusted third party
- the method may further include, while the storage device is accessed by the first user ID, performing a first verification on the second certificate by extracting the third public key based on the third certificate, by verifying a signature for the second certificate based on the third public key, and by extracting the second user ID and the second public key in the second certificate when a verification on the signature for the second certificate is successfully completed.
- the method may further include deriving a ciphering key by obtaining a first key-protection-key (KPK) based on the first password and a random value, by obtaining the first private key based on the first KPK, and by performing a key agreement based on the first private key and the second public key, and accessing the storage device based on the second user ID and a second password.
- KPK key-protection-key
- the method may further include, while the storage device is accessed by the second user ID, performing a second verification on the first certificate by extracting the third public key based on the third certificate, by verifying a signature for the first certificate based on the third public key, and by extracting the first user ID and the first public key in the first certificate when a verification on the signature for the first certificate is successfully completed.
- the method may further include deriving the ciphering key by obtaining a second KPK based on the second password and the random value, by obtaining the second private key based on the second KPK, and by performing the key agreement based on the second private key and the first public key.
- FIG. 1 is a flowchart illustrating an embodiment of a method of performing a key exchange for a security operation in a storage device.
- FIG. 2 is an example of an exchange of information that may be performed for the method of FIG. 1 .
- the method may be performed or executed in a storage device that is accessed by a plurality of user identifications (IDs), which may include a first user ID and a second user ID that are different from each other.
- IDs user identifications
- the storage device may include a plurality of memories (e.g., nonvolatile memories) to store data and a storage controller to control operations of the nonvolatile memories.
- the storage device may further include a trusted third party (TTP) to perform a key exchange.
- TTP trusted third party
- the key exchange method includes, at S100, generating a first certificate Cert U1 based on a user ID (ID U1 ) of a first user and a first public key PK U1 for the first user ID ID U1 .
- a second certificate Cert U2 is generated based on a user ID (ID U2 ) of a second user and a second public key PK U2 for the second user ID ID U2 .
- Embodiments of operations S100 and S200 are described with reference to FIGS. 6, 7 , 8A and 8B .
- Operations S100 and S200 may be performed, for example, by the TTP in the storage device.
- the TTP may be used to securely and/or safely perform the key exchange.
- the TTP may generate the first certificate Cert U1 and the second certificate Cert U2 for user authentication, and thus may be used to prevent or block performance of the key exchange with an unauthorized or invalid user.
- the TTP may be included in the storage controller, which may be in or coupled to the storage device. In other example embodiments (e.g., as described with reference to FIG. 22 ), the TTP may be disposed or located outside and coupled to the storage controller. In one embodiment (e.g., as described with reference to FIG. 23 ), the TTP may be disposed or located outside and coupled to the storage device.
- a first verification is performed on the second certificate Cert U2 based on a third certificate in the TTP.
- a ciphering key CK is derived based on a first private key SK U1 for the first user ID ID U1 and the second public key PK U2 for the second user ID ID U2 obtained by the first verification.
- Embodiments of operations S300 and S400 are described with reference to FIGS. 9 to 11 .
- the third certificate may be different from the first certificate Cert U1 and the second certificate Cert U2 .
- the third certificate may be used to check or confirm whether the second certificate Cert U2 is a certificate signed by the TTP, as in operation S300. Based on the first verification, for example, the check may be performed based on whether the second user ID ID U2 and the second user corresponding the second user ID ID U2 is an authorized or legitimate user.
- the ciphering key CK is derived based on a second private key SK U2 for the second user ID ID U2 and the first public key PK U1 for the first user ID ID U1 obtained by the second verification.
- Embodiments of operations S500 and S600 are described with reference to FIGS. 12 to 14 .
- the third certificate may be used to check or confirm whether the first certificate Cert U1 is a certificate signed by the TTP, as in operation S500. Based on the second verification, a check may be performed based on whether the first user ID ID U1 and the first user corresponding the first user ID ID U1 is an authorized or legitimate user.
- the first user e.g., first user ID ID U1
- the second user e.g., second user ID ID U2
- the first certificate Cert U1 and the second certificate Cert U2 may be obtained.
- the first user may obtain the ciphering key CK.
- operations S500 and S600 are performed, the second user may obtain the ciphering key CK.
- the first private key SK U1 , the first public key PK U1 , the second private key SK U2 , the second public key PK U2 , the first certificate Cert U1 and the second certificate Cert U2 may be stored in a key slot.
- the security (or secure) operation may be performed using the ciphering key CK obtained by the key exchange.
- the security operation may include an operation of transferring authority (e.g., an access authority or right) to a specific storage region, an embodiment of which is described with reference to FIG. 15 .
- example embodiments are not limited thereto, and the security operation may include at least one of various other operations.
- the ciphering key CK that is derived based on the first private key SK U1 and the second public key PK U2 in operation S400 may be substantially the same as the ciphering key CK that is derived based on the second private key SK U2 and the first public key PK U1 in operation S600.
- the key exchange may be performed based on a Diffie-Hellman (DH) scheme and/or an elliptic curve Diffie-Hellman (ECDH) scheme.
- DH Diffie-Hellman
- ECDH elliptic curve Diffie-Hellman
- the first certificate Cert U1 may be "ID U1
- the second certificate Cert U2 may be "ID U2
- the ciphering key CK derived in operation S400 may be "(g b ) a mod p”
- the ciphering key CK derived in operation S600 may be "(g a ) b mod p” and thus the same ciphering key may be obtained in operations S400 and S600.
- example embodiments are not limited thereto, and the key exchange may be performed based on one or more other algorithms.
- FIG. 2 illustrates that the first certificate Cert U1 and the second certificate Cert U2 are transmitted between the first user (e.g., first user ID ID U1 ) and the second user (e.g., second user ID ID U2 ), variations are possible.
- the storage device may not be accessed by two or more users (e.g., two or more user IDs) at the same time, and may be accessed by only one user (e.g., one user ID) at a specific time.
- operations S100, S300 and S400 may be performed sequentially and/or at once based on the first private key SK U1 , the first public key PK U1 , the second private key SK U2 and the second public key PK U2 stored in the key slot.
- operation sS200, S500 and S600 may be performed sequentially and/or at once based on the first private key SK U1 , the first public key PK U1 , the second private key SK U2 and the second public key PK U2 stored in the key slot.
- the TTP may be used to securely and/or safely perform the key exchange.
- the first certificate Cert U1 and the second certificate Cert U2 for the user authentication may be generated by the TTP.
- the first user e.g., the first user ID ID U1
- the second user e.g., the second user ID ID U2
- the second user ID ID U2 may not derive the ciphering key CK based on the second public key PK U2 for the second user (e.g., the second user ID ID U2 ), but may authenticate the second public key PK U2 based on the second certificate Cert U2 for the second user signed by the TTP and may derive the ciphering key CK based on the authenticated second public key PK U2 .
- the key exchange with the unauthorized or invalid user may be prevented or blocked, the key exchange may be performed with only the authorized or legitimate user, and thus the storage device may have the improved or enhanced security performance.
- FIG. 3 is a block diagram illustrating an embodiment of a storage system 100 including a host device 200 and a storage device 300.
- the host device 200 may control overall operation of the storage system 100 and, for example, may include a host processor and a host memory.
- the host processor may control operation of the host device 200, for example, based on execution of an operating system (OS).
- the host memory may store instructions and/or data executed and/or processed by the host processor.
- the operating system executed by the host processor may include, for example, a file system for file management and a device driver for controlling peripheral devices including the storage device 300 at the operating system level.
- the storage device 300 is accessed by the host device 200 and may include a storage controller 310, a plurality of nonvolatile memories (NVMs) 320a, 320b and 320c, and a buffer memory 330.
- the storage controller 310 may control operation of the storage device 300 and/or operations of the nonvolatile memories 320a, 320b and 320c based on commands and data from the host device 200.
- the storage controller 310 includes a TTP 312. As described with reference to FIG. 1 , TTP 312 may be used to securely and/or safely perform key exchange.
- the nonvolatile memories 320a, 320b and 320c may store data, including, for example, meta data, user data, and/or other information. As described with reference to FIG. 5 , the nonvolatile memories 320a, 320b and 320c may be divided into a plurality of storage regions.
- each of the nonvolatile memories 320a, 320b and 320c may include a NAND flash memory.
- each of the nonvolatile memories 320a, 320b and 320c may include one of an electrically erasable programmable read only memory (EEPROM), a phase change random access memory (PRAM), a resistance random access memory (RRAM), a nano floating gate memory (NFGM), a polymer random access memory (PoRAM), a magnetic random access memory (MRAM), a ferroelectric random access memory (FRAM), or another type of memory.
- EEPROM electrically erasable programmable read only memory
- PRAM phase change random access memory
- RRAM resistance random access memory
- NFGM nano floating gate memory
- PoRAM polymer random access memory
- MRAM magnetic random access memory
- FRAM ferroelectric random access memory
- the buffer memory 330 may store instructions and/or data that are executed and/or processed by the storage controller 310, and may temporarily store data stored in or to be stored into the nonvolatile memories 320a, 320b and 320c.
- the buffer memory 330 may include at least one of various types of volatile memories, e.g., a dynamic random access memory (DRAM) or another type of memory.
- DRAM dynamic random access memory
- the storage device 300 may be accessed by one of a plurality of user IDs via the host device 200. For example, when the first user ID ID U1 and a first password corresponding to the first user ID ID U1 are input via the host device 200, the storage device 300 may be accessed by the first user ID ID U1 and the first user corresponding to the first user ID ID U1 . When the second user ID ID U2 and a second password corresponding to the second user ID ID U2 are input via the host device 200, the storage device 300 may be accessed by the second user ID ID U2 and the second user corresponding to the second user ID ID U2 .
- the storage controller 310 and the TTP 312 execute the method of performing key exchange according to example embodiments described with reference to FIGS. 1 and 2 .
- the storage controller 310 includes at least one processor for performing the security operation, and the processor and the TTP 312 may generate the first certificate Cert U1 and the second certificate Cert U2 .
- the processor While the storage device 300 is accessed by the first user ID ID U1 , the processor performs the first verification on the second certificate Cert U2 based on the certificate of the TTP 312, and derives the ciphering key CK when the first verification is successfully completed.
- the processor While the storage device 300 is accessed by the second user ID ID U2 , the processor performs the second verification on the first certificate Cert U1 based on the certificate of the TTP 312 and derives the ciphering key CK when the second verification is successfully completed.
- the storage controller 310 and the TTP 312 may perform or execute a method of performing authority transfer according to embodiments as described with reference to FIGS. 15 and 21 .
- the storage device 300 may be a solid state drive (SSD).
- the storage device 300 may be implemented in the form of a self-encrypting drive (SED).
- the storage device 300 may be a universal flash storage (UFS), a multi media card (MMC) or an embedded multi media card (eMMC).
- the storage device 300 may be one of a secure digital (SD) card, a micro SD card, a memory stick, a chip card, a universal serial bus (USB) card, a smart card, a compact flash (CF) card, or another type of storage device.
- the storage device 300 may be connected to the host device 200 via a block accessible interface which may include, for example, a UFS, an eMMC, a serial advanced technology attachment (SATA) bus, a nonvolatile memory express (NVMe) bus, a serial attached SCSI (SAS) bus, or the like.
- the storage device 300 may use a block accessible address space corresponding to an access size of the nonvolatile memories 320a, 320b and 320c to provide the block accessible interface to the host device 200, and to allow the access (e.g., by units of a memory block) with respect to data stored in the nonvolatile memories 320a, 320b and 320c.
- the storage system 100 may be any type of computing system, e.g., a personal computer (PC), a server computer, a data center, a workstation, a digital television, a set-top box, a navigation system, etc. In some embodiments, the storage system 100 may be any type of mobile system.
- Examples include a mobile phone, a smart phone, a tablet computer, a laptop computer, a personal digital assistant (PDA), a portable multimedia player (PMP), a digital camera, a portable game console, a music player, a camcorder, a video player, a navigation device, a wearable device, an internet of things (IoT) device, an internet of everything (IoE) device, an e-book reader, a virtual reality (VR) device, an augmented reality (AR) device, a robotic device, a drone, etc.
- PDA personal digital assistant
- PMP portable multimedia player
- PMP portable camera
- portable game console a music player
- a camcorder a portable game console
- music player a camcorder
- video player a navigation device
- a wearable device an internet of things (IoT) device, an internet of everything (IoE) device, an e-book reader, a virtual reality (VR) device, an augmented reality (AR) device, a robotic device,
- FIG. 4 is a block diagram illustrating an embodiment of a storage controller 400 in or coupled to a storage device.
- a storage controller 400 may include a first processor 410 (PROCESSOR1), a memory 420, a second processor 430 (PROCESSOR2), a host interface 440, an error correction code (ECC) block 450 and a memory interface 460.
- the first processor 410 and the second processor 430 may control an operation of the storage controller 400 in response to a command received via the host interface 440 from a host device (e.g., host device 200 in FIG. 3 ).
- the first processor 410 may control a normal operation of a storage device (e.g., storage device 300 in FIG. 3 ), and may control respective components by employing firmware or other instructions for operating the storage device.
- the second processor 430 may control a security operation of the storage device and may include a TTP 432.
- the second processor 430 and the TTP 432 may correspond to the processor and the TTP 312 in or coupled to the storage controller 310 of FIG. 3 .
- the second processor 430 may process and/or may store security data such as a cryptographic key, sensitive data, a sensitive code, or the like.
- the memory 420 may store instructions and data executed and processed by the first processor 410 and the second processor 430.
- the memory 420 may be implemented with a volatile memory with relatively small capacity and high speed, such as a static random access memory (SRAM), a cache memory, or the like.
- SRAM static random access memory
- the ECC block (or logic) 450 may perform coded modulation for error correction using a Bose-Chaudhuri-Hocquenghem (BCH) code, a low density parity check (LDPC) code, a turbo code, a Reed-Solomon code, a convolution code, a recursive systematic code (RSC), a trellis-coded modulation (TCM), a block coded modulation (BCM), etc., or may perform ECC encoding and ECC decoding using above-described codes or other error correction codes.
- BCH Bose-Chaudhuri-Hocquenghem
- LDPC low density parity check
- turbo code a turbo code
- a Reed-Solomon code a convolution code
- RSC recursive systematic code
- TCM trellis-coded modulation
- BCM block coded modulation
- the host interface 440 may provide physical connections between the host device and the storage device.
- the host interface 440 may provide an interface corresponding to a bus format of the host device for communication between the host device and the storage device.
- the bus format of the host device may be a small computer system interface (SCSI) or a serial attached SCSI (SAS) interface.
- the bus format of the host device may be a USB, a peripheral component interconnect (PCI) express (PCIe), an advanced technology attachment (ATA), a parallel ATA (PATA), a serial ATA (SATA), a nonvolatile memory (NVMe), etc., format.
- PCI peripheral component interconnect
- ATA advanced technology attachment
- PATA parallel ATA
- SATA serial ATA
- NVMe nonvolatile memory express
- the memory interface 460 may exchange data with nonvolatile memories (e.g., nonvolatile memories 320a, 320b and 320c in FIG. 3 ).
- the memory interface 460 may transfer data to the nonvolatile memories or may receive data read from the nonvolatile memories.
- the memory interface 460 may be connected to the nonvolatile memories via one channel. In some example embodiments, the memory interface 460 may be connected to the nonvolatile memories via two or more channels.
- FIG. 5 is a diagram illustrating an example of a storage space 500 in a storage device, e.g., storage device 300 of FIG. 3 .
- the storage space 500 may include a key slot 510, a user-dedicated storage region 520 and a plurality of storage regions (RANGE1, RANGE2, ..., RANGEM) 530a, 530b and 530c.
- RANGE1, RANGE2, ..., RANGEM storage regions
- the storage space 500 may include nonvolatile memories (e.g., nonvolatile memories 320a, 320b and 320c in FIG. 3 ) which are logically divided.
- the storage space 500 may further include a storage space of a buffer memory (e.g., buffer memory 330 in FIG. 3 ) in the storage device and/or a processing space of a processor (e.g., processors 410 and 430 in FIG. 4 ) in a storage controller (e.g., storage controller 400 of FIG. 4 ) used to access the nonvolatile memories.
- a buffer memory e.g., buffer memory 330 in FIG. 3
- a processing space of a processor e.g., processors 410 and 430 in FIG. 4
- a storage controller e.g., storage controller 400 of FIG. 4
- the key slot 510 may be a region in which keys and certificates of a plurality of users and user IDs are allocated and/or stored.
- the user IDs may be capable of accessing the storage device and may include first through N-th user IDs, where N is a natural number greater than or equal to two.
- the key slot 510 may include first through N-th key slot regions (KSRs) KSR1, KSR2, ..., KSRN that correspond and are allocated to the first through N-th user IDs, respectively.
- the first key slot region KSR1 may correspond to the first user ID and may be allocated to the first user ID.
- the key slot 510 and the key slot regions KSR1, KSR2, ..., KSRN may be accessed by all (or predetermined) users and all (or predetermined) user IDs. However, as will be described with reference to FIGS. 8A and 8B , each key may be stored in encrypted and/or wrapped state and thus the encrypted and/or wrapped key may be used only by an authorized user.
- the user-dedicated storage region 520 may be a region used by the users and user IDs to perform the security operation and/or calculation.
- the user-dedicated storage region 520 may include first through N-th user storage regions (USRs) USR1, USR2, ..., USRN that correspond and are allocated to the first through N-th user IDs, respectively.
- the first user storage region USR1 may correspond to the first user ID and may be allocated to the first user ID.
- each of the user storage regions USR1, USR2, ..., USRN may be accessed only by a specific user and user ID.
- the first user storage region USR1 may be accessed only by the first user ID.
- user-dedicated storage region 520 may further include a region that is commonly accessed by all (or predetermined) users and all (or predetermined) user IDs.
- the storage regions 530a, 530b and 530c may store data (e.g., normal data, security data, etc.), each of the storage regions 530a, 530b and 530c may be referred to as a range, a partition, or the like.
- Each of the storage regions 530a, 530b and 530c may be accessed only by a user and a user ID having an access authority. For example, when the first user ID has a first access authority to the first storage region 530a and when the second user ID does not have the first access authority, the first storage region 530a may be accessed by the first user ID and may not be accessed by the second user ID. As described with reference to FIG. 15 , the first access authority may be transferred to the second user ID.
- example embodiments will be described in detail based on the Diffie-Hellman scheme. However, example embodiments are not limited thereto, and example embodiments may be implemented based on at least one of various other algorithms.
- FIG. 6 is a flowchart illustrating an embodiment of an operation of generating a first certificate in FIG. 1 .
- FIG. 7 is a flowchart illustrating an embodiment of generating a second certificate in FIG. 1 .
- FIGS. 8A and 8B are diagrams illustrating examples for describing the operations of FIGS. 6 and 7 .
- the first user and the first user ID ID U1 may have a first private key WDHSK U1 and a first public key DHPK U1 .
- the second user and the second user ID ID U2 may have a second private key WDHSK U2 and a second public key DHPK U2 .
- a TTP 610 may have a third private key SK TTP , a third public key PK TTP and a third certificate Cert TTP .
- the first private key WDHSK U1 and the first public key DHPK U1 may be stored in the first key slot region KSR1 allocated to the first user ID ID U1 .
- the second private key WDHSK U2 and the second public key DHPK U2 may be stored in the second key slot region KSR2 allocated to the second user ID ID U2 .
- the third private key SK TTP , the third public key PK TTP and the third certificate Cert TTP may be stored in the TTP 610. An operation of generating the third certificate Cert TTP including the third public key PK TTP may be performed in advance.
- the first certificate DHCert U1 may be obtained by signing the first user ID ID U1 and the first public key DHPK U1 for the first user ID ID U1 based on the third private key SK TTP in the TTP 610.
- the first certificate DHCert U1 may be "ID U1
- a certificate generating operation (CERT _GEN) 620 in FIG. 8A may correspond to operation S110 in FIG. 6 .
- the first certificate DHCert U1 may be stored in the first key slot region KSR1.
- the third certificate Cert TTP may also be stored in the first key slot region KSR1.
- the first certificate DHCert U1 may be stored with the first private key WDHSK U1 , the first public key DHPK U1 and the third certificate Cert TTP in the first key slot region KSR1.
- the second certificate DHCert U2 when generating a second certificate DHCert U2 (e.g., operation S200), the second certificate DHCert U2 may be obtained by signing the second user ID ID U2 and the second public key DHPK U2 for the second user ID ID U2 based on the third private key SK TTP included in the TTP 610.
- Operation S210 may be similar to operation S110 in FIG. 6 .
- a certificate generating operation (CERT _GEN) 630 in FIG. 8B may correspond to operation S210 in FIG. 7 .
- the second certificate DHCert U2 may be stored in the second key slot region KSR2. Operation S220 may be similar to operation S120 in FIG. 6 . Thus, after operation S200 (including S210 and S220) is completed, the second certificate DHCert U2 may be stored together with the second private key WDHSK U2 , the second public key DHPK U2 and the third certificate Cert TTP in the second key slot region KSR2.
- each of the first private key WDHSKui and the second private key WDHSK U2 may be a wrapped key.
- all (or predetermined ones) of the user IDs including the first user ID ID U1 and the second user ID ID U2 may access the first private key WDHSK U1 and the second private key WDHSK U2
- only the first user ID ID U1 having unwrapping authority for the first private key WDHSKui may use the first private key WDHSK U1
- only the second user ID ID U2 having unwrapping authority for the second private key WDHSK U2 may use the second private key WDHSK U2 .
- the above-described operations of generating the certificate and storing the certificate in the key slot may be performed for all (or predetermined) user IDs (or all user accounts) in the same manner.
- FIG. 9 is a flowchart illustrating an embodiment of an operation of performing a first verification in FIG. 1 .
- FIG. 10 is a flowchart illustrating an embodiment of an operation of deriving a ciphering key based on a first private key and a second public key in FIG. 1 .
- FIG. 11 is a diagram illustrating an example for describing the operations of FIGS. 9 and 10 .
- the first user when performing the first verification while the storage device is accessed by the first user ID ID U1 , the first user may log in the storage device using the first user ID ID U1 and a first password PWD U1 corresponding to the first user ID ID U1 , and the second certificate DHCert U2 stored in the second key slot region KSR2 may be loaded.
- the third public key PK TTP in the TTP 610 may be extracted based on the third certificate Cert TTP .
- a signature for the second certificate DHCert U2 may be verified based on the third public key PK TTP .
- a certificate verifying operation (CERT_VFY) 710 in FIG. 11 may correspond to operations S310 and S320 in FIG. 9 .
- step S330 when a verification on the signature for the second certificate DHCert U2 is successfully completed (step S330: YES), it may be determined that the second user corresponding to the second user ID ID U2 is an authorized or legitimate user.
- the second user ID ID U2 and the second public key DHPK U2 in the second certificate DHCert U2 may be therefore be extracted.
- step S330: NO the verification on the signature for the second certificate DHCert U2 has failed
- a first key-protection-key (KPK) KPK U1 may be obtained based on the first password PWD U1 corresponding to the first user ID ID U1 and a random value Salt1.
- KDF key derivation function
- operation S410 may be performed at a time point at which the first user logs in the storage device using the first user ID ID U1 and the first password PWD U1 .
- a first private key DHSK U1 that is an unwrapped key, may be obtained based on the first KPK KPK U1 .
- the unwrapped first private key DHSK U1 may be generated by performing a decrypting operation (DEC) 730 on the first private key WDHSK U1 that is the wrapped key based on the first KPK KPK U1 .
- the decrypting operation 730 may be performed based on an advanced encryption standard (AES) algorithm.
- AES advanced encryption standard
- the ciphering key CK U1U2 may be obtained by performing a key agreement based on the first private key DHSK U1 for the first user ID ID U1 and the second public key DHPK U2 for the second user ID ID U2 obtained by the first verification.
- a key agreement operation (KEY_AGR) 740 in FIG. 11 may correspond to operation S430 in FIG. 10 .
- the first verification and the operation of deriving the ciphering key CK U1U2 based on the first private key DHSK U1 and the second public key DHPK U2 may be performed using the first user storage region USR1 that is accessed only by the first user ID ID U1 .
- FIG. 12 is a flowchart illustrating an embodiment of an operation of performing a second verification in FIG. 1 .
- FIG. 13 is a flowchart illustrating an embodiment of an operation of deriving a ciphering key based on a second private key and a first public key in FIG. 1 .
- FIG. 14 is a diagram illustrating an example for describing the operations of FIGS. 12 and 13 .
- the second verification is performed while the storage device is accessed by the second user ID ID U2 .
- the second user may log in the storage device using the second user ID ID U2 and a second password PWD U2 corresponding to the second user ID ID U2 , and the first certificate DHCert U1 stored in the first key slot region KSR1 may be loaded .
- extracting the third public key PK TTP in the TTP 610 may be extracted based on the third certificate Cert TTP .
- a signature for the first certificate DHCert U1 may be verified based on the third public key PK TTP .
- Operations S510 and S520 may be similar to operations S310 and S320 in FIG. 9 , respectively.
- a certificate verifying operation (CERT VFY) 810 in FIG. 14 may correspond to operations S510 and S520 in FIG. 12 .
- step S540 when verification on the signature for the first certificate DHCert U1 is successfully completed (S530: YES), the first user ID ID U1 and the first public key DHPK U1 in the first certificate DHCert U1 may be extracted.
- step S530: NO the process may be terminated.
- Operations S530 and S540 may be similar to operations S330 and S340 in FIG. 9 , respectively.
- a ciphering key CK U1U2 is derived based on the second private key WDHSK U2 and the first public key DHPK U1 when the second verification is successfully completed.
- a second KPK KPK U2 may be obtained based on a second password PWD U2 corresponding to the second user ID ID U2 and a random value Salt1.
- Operation S610 may be similar to operation S410 in FIG. 10 , and an operation of using a KDF 820 in FIG. 14 may correspond to operation S610 in FIG. 13 .
- a second private key DHSK U2 that is an unwrapped key may be obtained based on the second KPK KPK U2 .
- Operation S620 may be similar to operation S420 in FIG. 10 , and a decrypting operation (DEC) 830 in FIG. 14 may correspond to operation S620 in FIG. 13 .
- DEC decrypting operation
- the ciphering key CK U1U2 may be obtained by performing a key agreement based on the second private key DHSK U2 for the second user ID ID U2 and the first public key DHPK U1 for the first user ID ID U1 obtained by the second verification.
- Operation S630 may be similar to operation S430 in FIG. 10
- a key agreement operation (KEY AGR) 840 in FIG. 14 may correspond to operation S630 in FIG. 13 .
- the second verification and the operation of deriving the ciphering key CK U1U2 based on the second private key DHSK U2 and the first public key DHPK U1 may be performed using the second user storage region USR2 that is accessed only by the second user ID ID U2 .
- the first user ID ID U1 and the second user ID ID U2 may obtain the same ciphering key CK U1U2 .
- the first user ID ID U1 may derive the ciphering key CK U1U2 based on the authenticated second public key DHPK U2 for the second user ID ID U2 , and only the second user ID ID U2 having the second private key DHSK U2 may derive the same ciphering key CK U1U2 .
- FIG. 15 is a flowchart illustrating an embodiment of a method of performing authority transfer in a storage device.
- the method includes, at S1100, performing a key exchange between a first user ID and a second user ID.
- the first user ID corresponds to a first user that has a first access authority to a first storage region in the storage device.
- the second user ID corresponds to a second user to be obtained the first access authority.
- Operation S1100 may be performed based on the method of performing key exchange according to example embodiments described with reference to FIGS. 1 through 14 .
- the TTP may be used to securely and/or safely perform the key exchange.
- Each user and user ID may authenticate a public key based on a certificate signed by the TTP and may derive a ciphering key based on the authenticated public key.
- the key exchange with the unauthorized or invalid user may be prevented or blocked, and the key exchange may be performed with only the authorized or legitimate user.
- the first user ID and the second user ID may obtain the same ciphering key.
- a first key-encryption-key (KEK) is encrypted based on the ciphering key.
- the first KEK corresponds to the first access authority, and the ciphering key is obtained by the key exchange.
- the first KEK may be a key to access the first storage region.
- the first user ID may already have the first access authority and the first KEK corresponding to the first access authority.
- Operation S1200 may be an operation for transferring the first KEK to the second user ID. An embodiment of operation S1200 is described with reference to FIGS. 16 and 17 .
- the encrypted first KEK is decrypted based on the ciphering key.
- the first KEK may be stored in a second key slot region allocated to the second user ID.
- the second user ID may have the first KEK. An embodiment of operation S1300 is described with reference to FIGS. 18, 19 and 20 .
- both the first user ID and the second user ID may own or possess the first KEK, and thus both the first user ID and the second user ID may have the first access authority to the first storage region.
- the key exchange may be performed with only the authorized or legitimate user based on the TTP, and the first user ID and the second user ID may obtain the same ciphering key when the key exchange is performed.
- the first KEK corresponding to the first access authority to the first storage region may be securely and/or safely transferred to the second user ID by based on the ciphering key. Accordingly, the storage device may have the improved or enhanced security performance.
- FIG. 16 is a flowchart illustrating an embodiment of an operation of encrypting a first KEK in FIG. 15
- FIG. 17 is a diagram illustrating an example for describing the operation of FIG. 16 .
- the method includes, at S1210, when encrypting a first KEK KEK R1 while the storage device is accessed by the first user ID ID U1 (S1200), a first KPK KPK U1 may be obtained based on a first password PWD U1 corresponding to the first user ID ID U1 and a random value Salt1.
- Operation S1210 may be substantially the same as operation S410 in FIG. 10 .
- An operation using a KDF 910 in FIG. 17 may correspond to operation S1210 in FIG. 16 .
- operation S1210 may be omitted.
- the first KEK KEK R1 may be obtained based on the first KPK KPK U1 .
- the first user ID ID U1 may have the first KEK KEK R1 by encrypting (or wrapping) the first KEK KEK R1 based on the first KPK KPK U1 and by storing the encrypted first KEK WKEK R1 in the first key slot region KSR1.
- the encrypted first KEK WKEK R1 may be loaded, and the first KEK KEK R1 may be generated by performing a decrypting operation (DEC) 920 on the encrypted first KEK WKEK R1 , as illustrated in FIG. 17 .
- the decrypting operation 920 may be performed based on an AES algorithm.
- the first KEK KEK R1 may be encrypted based on the ciphering key CK U1U2 ., and at S1240 the encrypted first KEK WKEK R1 ' may be stored.
- the encrypted first KEK WKEK R1 ' may be generated by performing an encrypting operation (ENC) 930 on the first KEK KEK R1 , as illustrated in FIG. 17 .
- the encrypting operation 930 may be performed based on an AES algorithm.
- the encrypted first KEK WKEK R1 ' may be stored in a region accessible by the second user ID ID U2 .
- the encrypted first KEK WKEK R1 ' may be different from the encrypted first KEK WKEK R1 .
- the first user ID ID U1 may access the first storage region.
- the first KEK KEK R1 may be obtained by performing the decrypting operation 920 based on the first KPK KPK U1 , an encrypted first media-encryption-key (MEK) WMEK R1 and encrypted first data E_DATA R1 stored in the first storage region may be loaded, a first MEK MEK R1 may be obtained by performing a decrypting operation (DEC) 1010 based on the first KEK KEK R1 , and first data DATA R1 may be obtained by performing a decrypting operation (DEC) 1020 based on the first MEK MEK R1 .
- DEC decrypting operation
- the decrypting operations 1010 and 1020 may be performed based on an AES algorithm.
- operations S1210, S1220, S1230 and S1240 may be performed using the first user storage region USR1 that is accessed only by the first user ID ID U1 .
- FIG. 18 is a flowchart illustrating an embodiment of an operation of decrypting the encrypted first KEK in FIG. 15 .
- FIG. 19 is a flowchart illustrating an embodiment of an operation of storing decrypted first KEK in FIG. 18 .
- FIG. 20 is a diagram illustrating an example for describing the operations of FIGS. 18 and 19 .
- the encrypted first KEK WKEK R1 ' may be decrypted based on the ciphering key CK U1U2 .
- a first KEK KEK R1 may be generated by performing a decrypting operation (DEC) 1110 on the encrypted first KEK WKEK R1 ', as illustrated in FIG. 20 .
- DEC decrypting operation
- the first KEK KEK R1 obtained by the second user ID ID U2 may be substantially equal to the first KEK KEK R1 transferred by the first user ID ID U1 .
- the decrypted first KEK KEK R1 may be stored.
- a second KPK KPK U2 may be obtained based on a second password PWD U2 corresponding to the second user ID ID U2 and a random value Salt1.
- Operation S1322 may be substantially the same as operation S610 in FIG. 13 .
- An operation using a KDF 1120 in FIG. 20 may correspond to operation S1322 in FIG. 19 .
- operation S1322 may be omitted.
- the decrypted first KEK KEK R1 may be encrypted again based on the second KPK KPK U2 .
- an encrypted first KEK WKEK R1 " may be generated by performing an encrypting operation (ENC) 1130 on the decrypted first KEK KEK R1 , as illustrated in FIG. 20 .
- the encrypting operation 1130 may be performed based on an AES algorithm.
- the encrypted first KEK WKEK R1 " may be different from the encrypted first KEK WKEK R1 ' and the encrypted first KEK WKEK R1 .
- the encrypted first KEK may be stored.
- the second user ID ID U2 may own or possess the first KEK KEK R1 by storing the encrypted first KEK WKEK R1 " in the second key slot region KSR2.
- the second user ID ID U2 may access the first storage region after the first KEK YEK R1 is owned by the second user ID ID U2 .
- the first KEK KEK R1 may be obtained by performing a decrypting operation (DEC) 1210 based on the second KPK KPK U2
- an encrypted first MEK WMEK R1 and encrypted first data E_DATA R1 stored in the first storage region may be loaded
- a first MEK MEK R1 may be obtained by performing a decrypting operation (DEC) 1220 based on the first KEK KEK R1
- first data DATA R1 may be obtained by performing a decrypting operation (DEC) 1230 based on the first MEK MEK R1 .
- decrypting operations 1210, 1220 and 1230 may be performed based on an AES algorithm.
- FIG. 21 is a flowchart illustrating an embodiment of a method of performing authority transfer in a storage.
- operations S1100, S1200 and S1300 may be substantially the same as operations S1100 S1200, and S1300 in FIG. 15 , respectively.
- At least one of the first user ID or the second user ID may access the first storage region.
- the first KEK may be obtained (step S2100)
- a first MEK may be obtained based on the first KEK (step S2200)
- first data stored in the first storage region may be obtained based on the first MEK (step S2300).
- operations S2100, S2200 and S2300 may correspond to the decrypting operations 920, 1010 and 1020 in FIG. 17 , respectively.
- operations S2100, S2200 and S2300 may be performed.
- operations S2100, S2200 and S2300 may correspond to the decrypting operations 1210, 1220 and 1230 in FIG. 20 , respectively.
- the method of performing authority transfer of FIG. 21 may be described as a method of operating or driving the storage device.
- inventive concept may be embodied as a system, method, computer program product, and/or a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
- the computer readable program code may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus.
- the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
- the computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
- the computer readable medium may be a non-transitory computer readable medium.
- FIGS. 22 and 23 are block diagrams illustrating embodiments of storage systems including a storage device according to example embodiments.
- a storage system 100a includes a host device 200 and a storage device 300a.
- the storage device 300a includes a storage controller 310a, a plurality of nonvolatile memories 320a, 320b and 320c, and a buffer memory 330.
- the storage device 300a may further include a secure element (SE) 340.
- SE secure element
- the storage system 100a may be substantially the same as the storage system 100 of FIG. 3 , except that the TTP 342 is not in the storage controller 310a and is in the secure element 340.
- the secure element 340 may process and/or may store secure data such as a cryptographic key, sensitive data, a sensitive code, or the like.
- the secure element 340 may be resistant against tampering attacks, such as micro-probing, a software attack, eavesdropping, a fault generation attack, etc.
- the secure element 340 may be referred to as a security hardware, a security component or a security module. Since the TTP 342 is in the secure element 340, the storage device 300a may have the improved or enhanced security performance.
- a storage system 100b includes a host device 200 and a storage device 300b.
- the storage system 100b may further include a certificate authority (CA) 2000.
- CA certificate authority
- the storage system 100b may be substantially the same as the storage system 100 of FIG. 3 , except that a TTP 2100 is not in the storage controller 310b and is in the certificate authority 2000 located outside the storage device 300b.
- example embodiments are described with reference to FIGS. 1 through 22 that the certificate generating operation is performed inside the storage device, example embodiments are not limited thereto.
- a certificate may be generated by a public key infrastructure (PKI) based on the external certificate authority 2000, and example embodiments may be performed based on the certificate generated by the external certificate authority 2000.
- PKI public key infrastructure
- example embodiments may be extended and applied using the X.509 standard certificate.
- FIG. 24 is a block diagram illustrating an embodiment of a data center 3000 including a storage system according to any of the example embodiments described herein.
- the data center 3000 may be a facility that collects various types of data and provides various services and may be referred to as a data storage center.
- the data center 3000 may be a system for operating search engines and databases and may be a computing system used by companies such as banks or government agencies.
- the data center 3000 may include application servers 3100 to 3100n and storage servers 3200 to 3200m.
- the number of the application servers 3100 to 3100n and the number of the storage servers 3200 to 3200m may be variously selected according to example embodiments, and the number of the application servers 3100 to 3100n and the number of the storage servers 3200 to 3200m may be different from each other.
- the application server 3100 may include at least one processor 3110 and at least one memory 3120, and the storage server 3200 may include at least one processor 3210 and at least one memory 3220.
- An operation of the storage server 3200 will be described as an example.
- the processor 3210 may control overall operation of the storage server 3200 and may access the memory 3220 to execute instructions and/or data loaded in the memory 3220.
- the memory 3220 may include at least one of a double data rate (DDR) synchronous dynamic random access memory (SDRAM), a high bandwidth memory (HBM), a hybrid memory cube (HMC), a dual in-line memory module (DIMM), an Optane DIMM, or a nonvolatile DIMM (NVDIMM).
- DDR double data rate
- SDRAM synchronous dynamic random access memory
- HBM high bandwidth memory
- HMC hybrid memory cube
- DIMM dual in-line memory module
- NVDIMM nonvolatile DIMM
- the number of the processors 3210 and the number of the memories 3220 in the storage server 3200 may be variously selected according to example embodiments.
- the processor 3210 and the memory 3220 may provide a processor-memory pair.
- the number of the processors 3210 and the number of the memories 3220 may be different from each other.
- the processor 3210 may include a single core processor or a multiple core processor.
- the above description of the storage server 3200 may be similarly applied to the application server 3100.
- the application server 3100 may include at least one storage device 3150, and the storage server 3200 may include at least one storage device 3250. In some example embodiments, the application server 3100 may not include the storage device 3150.
- the number of the storage devices 3250 in the storage server 3200 may be variously selected according to example embodiments.
- the application servers 3100 to 3100n and the storage servers 3200 to 3200m may communicate with each other through a network 3300.
- the network 3300 may be implemented using a fiber channel (FC) or an Ethernet.
- FC may be a medium used for a relatively high speed data transmission, and an optical switch that provides high performance and/or high availability may be used.
- the storage servers 3200 to 3200m may be provided as file storages, block storages or object storages according to an access scheme of the network 3300.
- the network 3300 may be a storage-only network or a network dedicated to a storage such as a storage area network (SAN).
- the SAN may be an FC-SAN that uses an FC network and is implemented according to an FC protocol (FCP).
- FCP FC protocol
- the SAN may be an IP-SAN that uses a transmission control protocol/internet protocol (TCP/IP) network and is implemented according to an iSCSI (a SCSI over TCP/IP or an Internet SCSI) protocol.
- TCP/IP transmission control protocol/internet protocol
- iSCSI a SCSI over TCP/IP or an Internet SCSI
- the network 3300 may be a general or normal network such as the TCP/IP network.
- the network 3300 may be implemented according to at least one of protocols such as an FC over Ethernet (FCoE), a network attached storage (NAS), a nonvolatile memory express (NVMe) over Fabrics (NVMe-oF), etc.
- FCoE FC over Ethernet
- NAS network attached storage
- example embodiments will be described based on the application server 3100 and the storage server 3200.
- the description of the application server 3100 may be applied to the other application server 3100n, and the description of the storage server 3200 may be applied to the other storage server 3200m.
- the application server 3100 may store data requested to be stored by a user or a client into one of the storage servers 3200 to 3200m through the network 3300. In addition, the application server 3100 may obtain data requested to be read by the user or the client from one of the storage servers 3200 to 3200m through the network 3300.
- the application server 3100 may be implemented as a web server or a database management system (DBMS).
- DBMS database management system
- the application server 3100 may access a memory 3120n or a storage device 3150n in the other application server 3100n through the network 3300, and/or may access the memories 3220 to 3220m or the storage devices 3250 to 3250m in the storage servers 3200 to 3200m through the network 3300.
- the application server 3100 may perform various operations on data stored in the application servers 3100 to 3100n and/or the storage servers 3200 to 3200m.
- the application server 3100 may execute a command for moving or copying data between the application servers 3100 to 3100n and/or the storage servers 3200 to 3200m.
- the data may be transferred from the storage devices 3250 to 3250m of the storage servers 3200 to 3200m to the memories 3120 to 3120n of the application servers 3100 to 3100n directly or through the memories 3220 to 3220m of the storage servers 3200 to 3200m.
- data transferred through network 3300 may be encrypted data for security or privacy.
- an interface 3254 may provide a physical connection between the processor 3210 and a controller 3251 and/or a physical connection between a network interface card (NIC) 3240 and the controller 3251.
- the interface 3254 may be implemented based on a direct attached storage (DAS) scheme in which the storage device 3250 is directly connected with a dedicated cable.
- DAS direct attached storage
- the interface 3254 may be implemented based on at least one of various interface schemes.
- Examples include an advanced technology attachment (ATA), a serial ATA (SATA) an external SATA (e-SATA), a small computer system interface (SCSI), a serial attached SCSI (SAS), a peripheral component interconnection (PCI), a PCI express (PCIe), an NVMe, an IEEE 1394, a universal serial bus (USB), a secure digital (SD) card interface, a multi-media card (MMC) interface, an embedded MMC (eMMC) interface, a universal flash storage (UFS) interface, an embedded UFS (eUFS) interface, a compact flash (CF) card interface, etc.
- ATA advanced technology attachment
- SATA serial ATA
- e-SATA external SATA
- SCSI small computer system interface
- SAS serial attached SCSI
- PCIe peripheral component interconnection
- PCIe PCI express
- NVMe NVMe
- IEEE 1394 universal serial bus
- USB universal serial bus
- SD secure digital
- MMC multi-media card
- eMMC embedded MMC
- the storage server 3200 may further include a switch 3230 and the NIC 3240.
- the switch 3230 may selectively connect the processor 3210 with the storage device 3250 or may selectively connect the NIC 3240 with the storage device 3250 under a control of the processor 3210.
- the application server 3100 may further include a switch 3130 and an NIC 3140.
- the NIC 3240 may include a network interface card, a network adapter, or the like.
- the NIC 3240 may be connected to the network 3300 through a wired interface, a wireless interface, a Bluetooth interface, an optical interface, or the like.
- the NIC 3240 may further include an internal memory, a digital signal processor (DSP), a host bus interface, or the like, and may be connected to the processor 3210 and/or the switch 3230 through the host bus interface.
- the host bus interface may be implemented as one of the above-described examples of the interface 3254.
- the NIC 3240 may be integrated with at least one of the processor 3210, the switch 3230 or storage device 3250.
- the processor may transmit a command to the storage devices 3150 to 3150n and 3250 to 3250m or the memories 3120 to 3120n and 3220 to 3220m to program or read data.
- the data may be error-corrected data by an error correction code (ECC) engine.
- ECC error correction code
- the data may be processed by a data bus inversion (DBI) or a data masking (DM), and may include a cyclic redundancy code (CRC) information.
- the data may be encrypted data for security or privacy.
- the storage devices 3150 to 3150m and 3250 to 3250m may transmit a control signal and command/address signals to NAND flash memory devices 3252 to 3252m in response to a read command received from the processor.
- a read enable (RE) signal may be input as a data output control signal and may serve to output data to a DQ bus.
- a data strobe signal (DQS) may be generated using the RE signal.
- the command and address signals may be latched in a page buffer based on a rising edge or a falling edge of a write enable (WE) signal.
- the controller 3251 may control overall operations of the storage device 3250.
- the controller 3251 may include a static random access memory (SRAM).
- SRAM static random access memory
- the controller 3251 may write data into the NAND flash memory device 3252 in response to a write command, or may read data from the NAND flash memory device 3252 in response to a read command.
- the write command and/or the read command may be provided from the processor 3210 in the storage server 3200, the processor 3210m in the other storage server 3200m, or the processors 3110 to 3110n in the application servers 3100 to 3100n.
- a DRAM 3253 may temporarily store (e.g., may buffer) data to be written to the NAND flash memory device 3252 or data read from the NAND flash memory device 3252. Further, the DRAM 3253 may store meta data. The meta data may be data generated by the controller 3251 to manage user data or the NAND flash memory device 3252.
- the storage devices 3150 to 3150m and 3250 to 3250m may be implemented based on the storage device and the method according to example embodiments described with reference to FIGS. 1 through 23 .
- the storage devices 3150 to 3150m and 3250 to 3250m may perform the method of performing key exchange and the method of performing authority transfer according to example embodiments.
- the inventive concept may be applied to various electronic devices and systems that include the storage devices and the storage systems.
- the inventive concept may be applied to systems such as a personal computer (PC), a server computer, a data center, a workstation, a mobile phone, a smart phone, a tablet computer, a laptop computer, a personal digital assistant (PDA), a portable multimedia player (PMP), a digital camera, a portable game console, a music player, a camcorder, a video player, a navigation device, a wearable device, an internet of things (IoT) device, an internet of everything (IoE) device, an e-book reader, a virtual reality (VR) device, an augmented reality (AR) device, a robotic device, a drone, etc.
- PC personal computer
- server computer a data center
- workstation a mobile phone, a smart phone, a tablet computer, a laptop computer
- PDA personal digital assistant
- PMP portable multimedia player
- digital camera a portable game console
- music player
- the methods, processes, and/or operations described herein may be performed by code or instructions to be executed by a computer, processor, controller, or other signal processing device.
- the computer, processor, controller, or other signal processing device may be those described herein or one in addition to the elements described herein. Because the algorithms that form the basis of the methods (or operations of the computer, processor, controller, or other signal processing device) are described in detail, the code or instructions for implementing the operations of the method embodiments may transform the computer, processor, controller, or other signal processing device into a special-purpose processor for performing the methods herein.
- another embodiment may include a computer-readable medium, e.g., a non-transitory computer-readable medium, for storing the code or instructions described above.
- the computer-readable medium may be a volatile or non-volatile memory or other storage device, which may be removably or fixedly coupled to the computer, processor, controller, or other signal processing device which is to execute the code or instructions for performing the method embodiments or operations of the apparatus embodiments herein.
- controllers, processors, devices, modules, units, multiplexers, generators, logic, interfaces, decoders, drivers, generators and other signal generating and signal processing features of the embodiments disclosed herein may be implemented, for example, in non-transitory logic that may include hardware, software, or both.
- the controllers, processors, devices, modules, units, multiplexers, generators, logic, interfaces, decoders, drivers, generators and other signal generating and signal processing features may be, for example, any one of a variety of integrated circuits including but not limited to an application-specific integrated circuit, a field-programmable gate array, a combination of logic gates, a system-on-chip, a microprocessor, or another type of processing or control circuit.
- the controllers, processors, devices, modules, units, multiplexers, generators, logic, interfaces, decoders, drivers, generators and other signal generating and signal processing features may include, for example, a memory or other storage device for storing code or instructions to be executed, for example, by a computer, processor, microprocessor, controller, or other signal processing device.
- the computer, processor, microprocessor, controller, or other signal processing device may be those described herein or one in addition to the elements described herein.
- the code or instructions for implementing the operations of the method embodiments may transform the computer, processor, controller, or other signal processing device into a special-purpose processor for performing the methods described herein.
- Steps described herein that are performed "when" a criterion has been satisfied need to be performed immediately after, or immediately at the point that, the criterion is satisfied, but may be performed in response to or following that criterion being satisfied.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020200135849A KR20220052016A (ko) | 2020-10-20 | 2020-10-20 | 스토리지 장치에서의 보안 동작을 위한 키 교환 방법 및 이를 이용한 접근 권한 이관 방법 |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3989481A1 true EP3989481A1 (fr) | 2022-04-27 |
Family
ID=76920548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP21185276.9A Pending EP3989481A1 (fr) | 2020-10-20 | 2021-07-13 | Procédé permettant d'effectuer un échange de clés pour une opération de sécurité dans un dispositif de stockage et procédé de réalisation d'un transfert d'autorisation dans un dispositif de stockage l'utilisant |
Country Status (4)
Country | Link |
---|---|
US (1) | US11863664B2 (fr) |
EP (1) | EP3989481A1 (fr) |
KR (1) | KR20220052016A (fr) |
CN (1) | CN114389799A (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4270863B1 (fr) * | 2022-04-27 | 2024-05-01 | Die Unternehmensgefährten GmbH | Reconstruction sécurisée de clés privées |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140032933A1 (en) * | 2012-07-24 | 2014-01-30 | Ned M. Smith | Providing access to encrypted data |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7143443B2 (en) * | 2001-10-01 | 2006-11-28 | Ntt Docomo, Inc. | Secure sharing of personal devices among different users |
US9002018B2 (en) * | 2006-05-09 | 2015-04-07 | Sync Up Technologies Corporation | Encryption key exchange system and method |
US8332629B2 (en) * | 2007-07-16 | 2012-12-11 | Red Hat, Inc. | Mail certificate responder |
US8806214B2 (en) | 2008-12-01 | 2014-08-12 | Novell, Inc. | Communication with non-repudiation and blind signatures |
EP2228942B1 (fr) | 2009-03-13 | 2012-06-06 | Sap Ag | Sécurisation de communications adressées par un premier utilisateur à un deuxième utilisateur |
US20130173931A1 (en) | 2011-12-30 | 2013-07-04 | Yonatan Tzafrir | Host Device and Method for Partitioning Attributes in a Storage Device |
US9754118B2 (en) | 2013-09-09 | 2017-09-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Performing an operation on a data storage |
US9331989B2 (en) | 2014-10-06 | 2016-05-03 | Micron Technology, Inc. | Secure shared key sharing systems and methods |
US11533297B2 (en) * | 2014-10-24 | 2022-12-20 | Netflix, Inc. | Secure communication channel with token renewal mechanism |
KR102292641B1 (ko) * | 2014-12-30 | 2021-08-23 | 삼성전자주식회사 | 메모리 컨트롤러, 그 동작 방법 및 이를 포함하는 메모리 시스템 |
US9705859B2 (en) | 2015-12-11 | 2017-07-11 | Amazon Technologies, Inc. | Key exchange through partially trusted third party |
EP3395091B1 (fr) * | 2015-12-24 | 2021-05-26 | Nokia Technologies Oy | Authentification et accord de clé dans un réseau de communication |
US10567362B2 (en) | 2016-06-17 | 2020-02-18 | Rubicon Labs, Inc. | Method and system for an efficient shared-derived secret provisioning mechanism |
WO2018046103A1 (fr) * | 2016-09-10 | 2018-03-15 | Swiss Reinsurance Company Ltd. | Système de transmission poste à poste et de gestion de clé sécurisées à structure de clé cryptographique à double niveau commandée, et procédé correspondant |
US10672211B2 (en) * | 2017-08-31 | 2020-06-02 | BinBox, Inc. | Secure storage systems and methods |
US10412063B1 (en) * | 2019-02-05 | 2019-09-10 | Qrypt, Inc. | End-to-end double-ratchet encryption with epoch key exchange |
US11157184B2 (en) * | 2019-04-30 | 2021-10-26 | EMC IP Holding Company LLC | Host access to storage system metadata |
KR20210064854A (ko) * | 2019-11-26 | 2021-06-03 | 삼성전자주식회사 | 메모리 컨트롤러, 메모리 컨트롤러를 포함하는 스토리지 장치, 및 메모리 컨트롤러의 동작 방법 |
US11444931B1 (en) * | 2020-06-24 | 2022-09-13 | F5, Inc. | Managing name server data |
CN111988288B (zh) * | 2020-08-04 | 2021-11-23 | 网络通信与安全紫金山实验室 | 基于网络时延的密钥交换方法、系统、设备及存储介质 |
JP2022048601A (ja) * | 2020-09-15 | 2022-03-28 | キオクシア株式会社 | ストレージ装置及び鍵配送方法 |
-
2020
- 2020-10-20 KR KR1020200135849A patent/KR20220052016A/ko active Search and Examination
-
2021
- 2021-05-21 US US17/326,718 patent/US11863664B2/en active Active
- 2021-07-13 EP EP21185276.9A patent/EP3989481A1/fr active Pending
- 2021-08-12 CN CN202110924927.4A patent/CN114389799A/zh active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140032933A1 (en) * | 2012-07-24 | 2014-01-30 | Ned M. Smith | Providing access to encrypted data |
Also Published As
Publication number | Publication date |
---|---|
KR20220052016A (ko) | 2022-04-27 |
US11863664B2 (en) | 2024-01-02 |
CN114389799A (zh) | 2022-04-22 |
US20220123921A1 (en) | 2022-04-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11783044B2 (en) | Endpoint authentication based on boot-time binding of multiple components | |
KR20220091578A (ko) | 메모리 서브시스템에 대한 암호화 키의 위임 | |
US11354048B2 (en) | Storage device and data disposal method thereof | |
US11423182B2 (en) | Storage device providing function of securely discarding data and operating method thereof | |
US20230145936A1 (en) | Storage device, storage system having the same and method of operating the same | |
CN113632066A (zh) | 所执行代码中的错误识别 | |
JP2022527163A (ja) | 暗号ハッシュを用いたメモリに格納されたデータの正当性確認 | |
EP3989481A1 (fr) | Procédé permettant d'effectuer un échange de clés pour une opération de sécurité dans un dispositif de stockage et procédé de réalisation d'un transfert d'autorisation dans un dispositif de stockage l'utilisant | |
CN113647050B (zh) | 基于块链的存储器命令验证 | |
JP2022527904A (ja) | 無線更新の有効性確認 | |
US11995223B2 (en) | Data storage device encryption | |
US20220123932A1 (en) | Data storage device encryption | |
US20230163976A1 (en) | Computing device in a trusted computing system and attestation method thereof | |
US12074983B2 (en) | Trusted computing device and operating method thereof | |
US12032492B2 (en) | Method of operating storage device and method of operating storage system using the same | |
US11677560B2 (en) | Utilization of a memory device as security token | |
US11914879B2 (en) | Storage controller and storage system comprising the same | |
CN115809488A (zh) | 存储设备、在存储设备中生成密钥和执行认证的方法 | |
KR20230068250A (ko) | 저장 장치, 그것을 갖는 저장 시스템 및 그것의 동작 방법 | |
KR20230067436A (ko) | 트러스티드 컴퓨팅 장치 및 이의 동작 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210713 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230520 |